Our selection of the most recent infosec articles from around the web, including a vulnerability, a malware and a phishing attack all directed at Microsoft users. Sucuri reports an increase in Troldesh ransomware.
For more articles, check out our #onpatrol4malware blog.
HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion
Source: Carnegie Mellon University
Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Read more.
In the Balkans, businesses are under fire from a double‑barreled weapon
ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers. Read more.
Microsoft Warns of Phishing Attacks Using Custom 404 Pages
Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials. Read more.
Psychological Tricks of the Malware Trade
Unfortunately, this is a trick not lost on malware designers, who are increasingly exploiting clever traps that leverage the psychology of end users and system administrators alike. Read more.
A new Zero-Day in Steam client impacts over 96 million Windows users
Source: Security Affairs
A new zero-day vulnerability for Microsoft Windows impacting over 96 million users was disclosed by researcher Vasily Kravets. Read more.
New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry
The CofenseTM Phishing Defense CenterTM has observed a new phishing campaign that spoofs a PDF attachment to deliver the notorious Adwind malware. Read more.
Cybersecurity: This trojan malware being offered for free could cause hacking spike
NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Microsoft Windows users. Read more.